Most of the backlash against systemd isn't because it's *bad* per se, but because systemd is in so many ways the opposite of the Unix philosophy.
Windows and Unix have very different approaches. Windows has MS Office and Word, a multu-gigabyte word processor with literally thousands of functions. Unix has sed, awk, grep, sort, and cut. Each a few kilobytes at most, each doing one small job. In Unix complex jobs are done by piping together small, simple pieces.
Unix manages complexity by building on top of simplicity. Windows manages complexity by hiding it under a veneer, putting the complex stuff at the base and trying to build simplicity on top of complexity. Each approach has its own strengths. The first, building complex systems by putting a simple on top of simplicity, stacking simple layers, is very much the Unix way. Systemd is very much the Windows way of having a bunch of complexity underneath and then throwing a UI on top that is supposed to make it appear simple.
This isn't about comments that they don't want kids to see. This is about some really messed up stuff that happens with the algorithm for recommending videos and comments certain people post on videos of kids. It's a messed up situation that needs to be addressed somehow. Hopefully YouTube will come up with better solutions.
I wish I did misunderstand. But here are his exact words:
-- you modify it at the same time with programs on both machines then you'll get corruption. Same thing in wsl. --
He in fact said that of you simultaneously modify it in both operating systems at once, that could corrupt the file. Of course two programs writing to the same file at the same time without coordinating will result in garbage - that's not a bug for which Microsoft is issuing a major fix. There is no find for that.
The truth is that opening or creating a file in Windows, without ever touching it from the Linux side, can destroy the entire directory it is in, requiring that the system be wiped and reinstalled. That's per MSDN. The issue isn't two programs accessible the same file. The issue is when Windows goes to update the last-modified time, which is part of the file's directory listing, it does it wrong and destroys the directory.
A) Microsoft is horribly wrong, and is strongly warning people about a major problem with their software that doesn't actually exist.
B) Your first guess when you soon the summary wasn't quite right. Once you got an idea, you refuse to learn any new information because that would mean you were DUN DUN DUN wrong! Omg that's not possible that you don't already know everything!
Here's the thing, all of us had to learn how to count, and how to use the potty. We weren't born knowing everything, and now of us knows everything today. *We all already know* that you don't know everything. Trying to pretend you know everything is futile. Nobody will fall for it. Even on this bug specifically, trying to pretend you know better than Microsoft is futile, we ALL know better. The *only* way you can look good or look stupid is this - Your response to new information tells us whether you are smart (capable of learning new things) or purposefully ignorant (refusng to learn from new information). The only way to look smart is here is to say "oh, okay, I really that wrong the first time".
There is zero chance you're going to convince anyone that Microsoft is shipping an update to fix a major bug that doesn't exist. You can only convince us that you are able to process new information and learn, or that you aren't able to.
Not at all the same thing in WSL. Let me quote the summary for you, and then explain further:
"DO NOT, under ANY circumstances, access, create, and/or modify files in your distro's filesystem using Windows apps, tools, scripts, consoles, etc." says Microsoft.
Here's the next sentence from MSDN:
Creating/changing Linux files from Windows will likely result in data corruption and/or damage your Linux environment requiring you to uninstall & reinstall your distro!
The issue is that creating a file or opening a file from Windows, without ever touching it from Linux, frequently damages the directory that it is. (Directory means "folder", for the Windows folks"). So saving a new text file inside of/usr makes all of/usr inaccessible and you have to reinstall the OS.
WSL is a cool idea. Not quite ready from prime time, it seems.
My use case may be different, but sometimes I like to do weird things, like open a file. Microsoft says WSL will destroy my files if I do that. I have no problems opening files in either Windows or Linux when using Virtualbox.
I happen to have 256MB available, maybe you don't. People with only 512MB of physical memory probably don't want to use Virtualbox. Or Windows.
I do have a machine running some Perl scripts on Windows which were designed for Linux. We've been using Cygwin. WSL might be a good option for that.
Yes, a Linux VM will need 128-256 MB of RAM. (WSL isn't competing with Gnome). Also, we're talking about people who use *Windows*, where some dialog boxes use that much RAM by themselves.
Yep. The runtime starts main(), and returns the return value of main to the OS(). So basically it does START and END.
Everything in between is the responsibility of main(). It needs not interact with the OS at all, other than being started by the OS and telling the OS when it's done. Only for standalone programs, though - kernel modules don't need to do those two things.
There is a very useful kernel module which does nothing but allocate some memory. That's all it does.:) It's used when you have a a few bytes of dodgy memory. You have that module allocate those memory addresses for it's use - and then do nothing else.
The following is the C runtime, crt0. It is 9 lines of assembler:.text.globl _start
_start: # _start is the entry point known to the linker
mov %rsp, %rbp # setup a new stack frame
mov 0(%rbp), %rdi # get argc from the stack
lea 8(%rbp), %rsi # get argv from the stack
call main # %rdi, %rsi are the first two args to main
mov %rax, %rdi # mov the return of main to the first argument
call exit # terminate the program
Compare the millions of lines in a the Java runtime. C has a runtime like Wiz Khalifa has boobs.
I haven't read the patent, so I have no idea what the patent covers. I don't know what the invention is that is patented. Have you read it? I might read it after I put kiddo to bed.
The summary mentions that the invention uses gears and levers - er I mean bar codes and scanners, but doesn't tell us anything useful regarding what is patented. The guy didn't pay gears, levers, barcodes, or scanners. He built something using these parts plus more, and patented what he built.
Try selling a weight loss program based on the insight that:
Calories in - calories burned = weight gain/loss
It's a very simple well-known fact. If you burn more calories than you ate, where did the extra calories coke from? From burning fat.
If you eat more food than you burn, whwrw does the extra food go? It stays in your body, which therefore gets bigger.
Yet the multi-billion dollar weight loss industry is centered on "new ideas" to avoid this plainly obvious (and old) fact. Fad diets. Fad workouts. Fad machines. Old facts don't sell, new ideas sell. Pedagogy is in many ways led by old gray academia, which is obsessed with new research. If it's not new, it's worthless.
Which is one reason they keep re-inventing ideas that have failed over and over and over. Economic ideas that have a shiny new package (and don't involve hard work) are great, to them. It doesn't matter that it failed 1950s, failed in the 1960s, failed in the 1970s, failed in the 1980s, and failed in thr 1990s, because the repeated failure is old. AOC is new.
It's also *possible* that the teachers are observing what happens in their classes, would mean the study is reversing cause and effect. Teachers who see students learn, perhaps because they teach an interesting subject, will think students can learn - because they do. Teachers who see students say "I'm bad at math" - and then proceed to be bad at math, will notice that. It may be both sets of teachers are observing what does happen in their classes - their particular subject in a particular field at a particular grade level, etc.
That said, I think the most likely explanation is that teachers who don't think they *can* make a difference, don't.
Teaching is one part of my job and I tend to think students can learn faster / better than they actually can. I'm a major nerd whose main hobby is learning. I read 1,200 page "textbooks" for fun. I forget that not everyone is like me.
So YOU are the person still pulling an RSS feed. I wondered who that was.
You can certainly make an argument why RSS is better than Google and Betamax Is better than VHS, but it's a bit too late for those arguments to matter.
Once again Slashdot is predicting the past. And getting mod +5 for incorrectly predicting what "would happen", after it already happened.
There are two different arguments being made, which somewhat contradict each other. This particular argument contradicts well-established facts.
It has been said "almost nobody intentionally turned on DNT, as an opt-out". That's true. That's also probably WHY the major advertisers wrote the spec that way and agreed to follow the spec they wrote, an opt-out spec. Since very few people set DNT, it had essentially no effect on the advertisers' revenue. It was good PR to offer the option, so they did. "Do you really think they would have?" is a silly question - they DID.
When Microsoft violated the spec by making it default to on, THAT affected the advertisers' revenue. They hadn't agreed to honor a default DNT on, so they stopped honoring it. That's what happened, it's not a prediction or a guess.
Knowing what happened, one might say "it's useless either way" - when it was opt-out, nobody set it, when MS went opt-in nobody honored it. That's true as far as it goes. However, robots.txt started out in much the same way. Robots.txt is opt-out, telling Google and other search engines which laws to NOT index. The search engines were fine with that because few sites used it, and often those that did were preventing spidering of infinite numbers of similar pages. Over time, more and more sites starting using robots.txt, and the SEs had already agreed to follow it, before it became well-known.
Had Microsoft left DNT alone and gave it time to become a well-established standard that didn't hurt the advertisers, there would have at least been a CHANCE that usage could slowly grow organically, in the same way the robots.txt works as an opt-out for search engines. It may or may not have become more popular if left alone as an opt-out. We'll never know because Microsoft killed it by violating the standard and setting it as default, making it opt-in. That was never going to work.
Just today I had a new co-worker try to make the same "at midnight" mistake in our code, at a security company.
Wrong: Cron midnight SELECT where Date > 24 hours ago.
Another way to do it wrong: Store update-ran (now()) Process new since update-ran
Right way: Process where processed != true
You have to consider: A) Records that occur *during* the processing B) Yesterday's run wasn't *exactly* 24 hours ago. It was at least a few miliseconds more or less, long enough to insert a few transactions
Better but still unsafe, btw:
Cron midnight SELECT where Date > 48 hours ago AND processed != True... Handle where processed = pending
This is about process-level options. Your workstation or server might have a server process that is network accessible, and another proces that is CPU-intensive. You probably do want to enable protection for your file sharing server process or IMAP; you probably want your ray tracer to run at full speed.
An example I've worked with many times is a web server that has videos in several bitrates or formats. In the background, it transcodes videos from whatever format they are in when they are uploaded. That's CPU intensive. You'd want protections on the web server daemon, probably wouldn't want to slow down the transcoding process by adding protections there.
I'm not sure I'm getting your point. A typical US-based web site will see about 5 attacks per day originating from Russia. Times 40 million web sites = 200 million attack attempts per day.
You're saying Congress should do something about this? Anything in particular they should do? I'm guessing "ignore it and play silly political games repeating the words 'Russia' and your political opponent's name over and over" isn't what you have in mind. Can you think of anything useful they can do?
I understand your frustration. Unfortunately, in security the defender can do a very good job and still miss an attack.
"Missed one" doesn't mean they didn't catch and stop 10,000 others. Google could be catching and preventing 99.99% of attempts to put something nasty in the Play Store, and still some would get through - 0.01%, to be exact.
What we know is that Google didn't do the exact same checks that these researchers did, at the exact same time, on the same apps.
This isn't to excuse any weaknesses that Google may have, simply pointing out the reason security is hard. If the defender is successful 99.9% of the time and the attacker only 0.1% of the time, the attacker wins.
On the other hand, if the attacker gets away with 99 times before being criminally prosecuted one time, they lose. So there's that.
I found that interesting because that has long been common in PHP-based malware, snippets that bad actors add to legitimate PHP pages. Many years ago I wrote software to scan a web server for malware and base64_decode was one thing it looked for.
Another chunk are non-web servers. Domains aren't just for web sites, of course. Others are only accessible from certain networks and VPNs, something like DellTeamNet.com for Dell employees or whatever.
I wonder how many of the "empty", "error", "unused", and "no web server" are actually used - just not for a public web site with a normal index page.
In case it's useful, here's basically the code my friend is proving today:
BeGreen:
output GREEN
wait
BeYellow END
BeYellow:
output YELLOW
wait
BeRed END
BeRed:
output RED
wait
BeGreen END
You can of course see by inspection that it can never turn from green to red. Nor can it turn yellow if it's currently green. The only things that can happen when it's green are: It's waiting, remaining green It turns yellow.
You can also probably imagine how a compiler-like thing could convert that from code to a table, a data structure:
Transitions {// Current state: new states [, new state]
Green: Yellow,
Yellow: Red,
Red: Green }
Based on that data, which *is* the program, you can imagine how a tool could then mathematically show that you can only get from green to red by going through yellow.
Having proved the code that operates a traffic light, it's then another round of the same thing to prove the code which operates an intersection.
Another round of similar steps proves the operation of coordinated lights on a road - with a simple state table you can prove that light A at intersection X is never red while light B at intersection Z is yellow.
Slashdot Mirror
Most of the backlash against systemd isn't because it's *bad* per se, but because systemd is in so many ways the opposite of the Unix philosophy.
Windows and Unix have very different approaches. Windows has MS Office and Word, a multu-gigabyte word processor with literally thousands of functions. Unix has sed, awk, grep, sort, and cut. Each a few kilobytes at most, each doing one small job. In Unix complex jobs are done by piping together small, simple pieces.
Unix manages complexity by building on top of simplicity. Windows manages complexity by hiding it under a veneer, putting the complex stuff at the base and trying to build simplicity on top of complexity. Each approach has its own strengths. The first, building complex systems by putting a simple on top of simplicity, stacking simple layers, is very much the Unix way. Systemd is very much the Windows way of having a bunch of complexity underneath and then throwing a UI on top that is supposed to make it appear simple.
This isn't about comments that they don't want kids to see.
This is about some really messed up stuff that happens with the algorithm for recommending videos and comments certain people post on videos of kids. It's a messed up situation that needs to be addressed somehow. Hopefully YouTube will come up with better solutions.
I wish I did misunderstand. But here are his exact words:
--
you modify it at the same time with programs on both machines then you'll get corruption.
Same thing in wsl.
--
He in fact said that of you simultaneously modify it in both operating systems at once, that could corrupt the file. Of course two programs writing to the same file at the same time without coordinating will result in garbage - that's not a bug for which Microsoft is issuing a major fix. There is no find for that.
The truth is that opening or creating a file in Windows, without ever touching it from the Linux side, can destroy the entire directory it is in, requiring that the system be wiped and reinstalled. That's per MSDN. The issue isn't two programs accessible the same file. The issue is when Windows goes to update the last-modified time, which is part of the file's directory listing, it does it wrong and destroys the directory.
So there are two possibilities here. Either:
A) Microsoft is horribly wrong, and is strongly warning people about a major problem with their software that doesn't actually exist.
B) Your first guess when you soon the summary wasn't quite right. Once you got an idea, you refuse to learn any new information because that would mean you were DUN DUN DUN wrong! Omg that's not possible that you don't already know everything!
Here's the thing, all of us had to learn how to count, and how to use the potty. We weren't born knowing everything, and now of us knows everything today. *We all already know* that you don't know everything. Trying to pretend you know everything is futile. Nobody will fall for it. Even on this bug specifically, trying to pretend you know better than Microsoft is futile, we ALL know better. The *only* way you can look good or look stupid is this -
Your response to new information tells us whether you are smart (capable of learning new things) or purposefully ignorant (refusng to learn from new information). The only way to look smart is here is to say "oh, okay, I really that wrong the first time".
There is zero chance you're going to convince anyone that Microsoft is shipping an update to fix a major bug that doesn't exist. You can only convince us that you are able to process new information and learn, or that you aren't able to.
> Don't use Edge and Facebook blocked in hosts file
What is hosts file and how do you block things in it?
Not at all the same thing in WSL. Let me quote the summary for you, and then explain further:
"DO NOT, under ANY circumstances, access, create, and/or modify files in your distro's filesystem using Windows apps, tools, scripts, consoles, etc." says Microsoft.
Here's the next sentence from MSDN:
Creating/changing Linux files from Windows will likely result in data corruption and/or damage your Linux environment requiring you to uninstall & reinstall your distro!
The issue is that creating a file or opening a file from Windows, without ever touching it from Linux, frequently damages the directory that it is. (Directory means "folder", for the Windows folks"). So saving a new text file inside of /usr makes all of /usr inaccessible and you have to reinstall the OS.
WSL is a cool idea. Not quite ready from prime time, it seems.
> Why bother with that unnecessary nonsense?
My use case may be different, but sometimes I like to do weird things, like open a file. Microsoft says WSL will destroy my files if I do that. I have no problems opening files in either Windows or Linux when using Virtualbox.
I happen to have 256MB available, maybe you don't. People with only 512MB of physical memory probably don't want to use Virtualbox. Or Windows.
I do have a machine running some Perl scripts on Windows which were designed for Linux. We've been using Cygwin. WSL might be a good option for that.
Yes, a Linux VM will need 128-256 MB of RAM. (WSL isn't competing with Gnome).
Also, we're talking about people who use *Windows*, where some dialog boxes use that much RAM by themselves.
> There is definitely an expectation of some basic facilities available to your code.
What do you have in mind when you say "some basic facilities"?
Yep. The runtime starts main(), and returns the return value of main to the OS(). So basically it does START and END.
Everything in between is the responsibility of main(). It needs not interact with the OS at all, other than being started by the OS and telling the OS when it's done. Only for standalone programs, though - kernel modules don't need to do those two things.
There is a very useful kernel module which does nothing but allocate some memory. That's all it does. :)
It's used when you have a a few bytes of dodgy memory. You have that module allocate those memory addresses for it's use - and then do nothing else.
The following is the C runtime, crt0. It is 9 lines of assembler: .text .globl _start
_start: # _start is the entry point known to the linker
mov %rsp, %rbp # setup a new stack frame
mov 0(%rbp), %rdi # get argc from the stack
lea 8(%rbp), %rsi # get argv from the stack
call main # %rdi, %rsi are the first two args to main
mov %rax, %rdi # mov the return of main to the first argument
call exit # terminate the program
Compare the millions of lines in a the Java runtime.
C has a runtime like Wiz Khalifa has boobs.
I haven't read the patent, so I have no idea what the patent covers. I don't know what the invention is that is patented. Have you read it? I might read it after I put kiddo to bed.
The summary mentions that the invention uses gears and levers - er I mean bar codes and scanners, but doesn't tell us anything useful regarding what is patented. The guy didn't pay gears, levers, barcodes, or scanners. He built something using these parts plus more, and patented what he built.
Try selling a weight loss program based on the insight that:
Calories in - calories burned = weight gain/loss
It's a very simple well-known fact. If you burn more calories than you ate, where did the extra calories coke from? From burning fat.
If you eat more food than you burn, whwrw does the extra food go? It stays in your body, which therefore gets bigger.
Yet the multi-billion dollar weight loss industry is centered on "new ideas" to avoid this plainly obvious (and old) fact. Fad diets. Fad workouts. Fad machines. Old facts don't sell, new ideas sell. Pedagogy is in many ways led by old gray academia, which is obsessed with new research. If it's not new, it's worthless.
Which is one reason they keep re-inventing ideas that have failed over and over and over. Economic ideas that have a shiny new package (and don't involve hard work) are great, to them. It doesn't matter that it failed 1950s, failed in the 1960s, failed in the 1970s, failed in the 1980s, and failed in thr 1990s, because the repeated failure is old. AOC is new.
It's also *possible* that the teachers are observing what happens in their classes, would mean the study is reversing cause and effect. Teachers who see students learn, perhaps because they teach an interesting subject, will think students can learn - because they do. Teachers who see students say "I'm bad at math" - and then proceed to be bad at math, will notice that. It may be both sets of teachers are observing what does happen in their classes - their particular subject in a particular field at a particular grade level, etc.
That said, I think the most likely explanation is that teachers who don't think they *can* make a difference, don't.
Teaching is one part of my job and I tend to think students can learn faster / better than they actually can. I'm a major nerd whose main hobby is learning. I read 1,200 page "textbooks" for fun. I forget that not everyone is like me.
> why on earth the project is not a multi-state and multi-nation venture
Because other states and countries don't want to waste billions and billions of dollars on something that isn't working?
So YOU are the person still pulling an RSS feed. I wondered who that was.
You can certainly make an argument why RSS is better than Google and Betamax Is better than VHS, but it's a bit too late for those arguments to matter.
Once again Slashdot is predicting the past. And getting mod +5 for incorrectly predicting what "would happen", after it already happened.
There are two different arguments being made, which somewhat contradict each other. This particular argument contradicts well-established facts.
It has been said "almost nobody intentionally turned on DNT, as an opt-out". That's true. That's also probably WHY the major advertisers wrote the spec that way and agreed to follow the spec they wrote, an opt-out spec. Since very few people set DNT, it had essentially no effect on the advertisers' revenue. It was good PR to offer the option, so they did. "Do you really think they would have?" is a silly question - they DID.
When Microsoft violated the spec by making it default to on, THAT affected the advertisers' revenue. They hadn't agreed to honor a default DNT on, so they stopped honoring it. That's what happened, it's not a prediction or a guess.
Knowing what happened, one might say "it's useless either way" - when it was opt-out, nobody set it, when MS went opt-in nobody honored it. That's true as far as it goes. However, robots.txt started out in much the same way. Robots.txt is opt-out, telling Google and other search engines which laws to NOT index. The search engines were fine with that because few sites used it, and often those that did were preventing spidering of infinite numbers of similar pages. Over time, more and more sites starting using robots.txt, and the SEs had already agreed to follow it, before it became well-known.
Had Microsoft left DNT alone and gave it time to become a well-established standard that didn't hurt the advertisers, there would have at least been a CHANCE that usage could slowly grow organically, in the same way the robots.txt works as an opt-out for search engines. It may or may not have become more popular if left alone as an opt-out. We'll never know because Microsoft killed it by violating the standard and setting it as default, making it opt-in. That was never going to work.
Just today I had a new co-worker try to make the same "at midnight" mistake in our code, at a security company.
Wrong:
Cron midnight SELECT where Date > 24 hours ago.
Another way to do it wrong:
Store update-ran (now())
Process new since update-ran
Right way:
Process where processed != true
You have to consider:
A) Records that occur *during* the processing
B) Yesterday's run wasn't *exactly* 24 hours ago. It was at least a few miliseconds more or less, long enough to insert a few transactions
Better but still unsafe, btw:
Cron midnight SELECT where Date > 48 hours ago AND processed != True ...
Handle where processed = pending
This is about process-level options. Your workstation or server might have a server process that is network accessible, and another proces that is CPU-intensive. You probably do want to enable protection for your file sharing server process or IMAP; you probably want your ray tracer to run at full speed.
An example I've worked with many times is a web server that has videos in several bitrates or formats. In the background, it transcodes videos from whatever format they are in when they are uploaded. That's CPU intensive. You'd want protections on the web server daemon, probably wouldn't want to slow down the transcoding process by adding protections there.
I'm not sure I'm getting your point. A typical US-based web site will see about 5 attacks per day originating from Russia. Times 40 million web sites = 200 million attack attempts per day.
You're saying Congress should do something about this?
Anything in particular they should do? I'm guessing "ignore it and play silly political games repeating the words 'Russia' and your political opponent's name over and over" isn't what you have in mind. Can you think of anything useful they can do?
I understand your frustration. Unfortunately, in security the defender can do a very good job and still miss an attack.
"Missed one" doesn't mean they didn't catch and stop 10,000 others. Google could be catching and preventing 99.99% of attempts to put something nasty in the Play Store, and still some would get through - 0.01%, to be exact.
What we know is that Google didn't do the exact same checks that these researchers did, at the exact same time, on the same apps.
This isn't to excuse any weaknesses that Google may have, simply pointing out the reason security is hard. If the defender is successful 99.9% of the time and the attacker only 0.1% of the time, the attacker wins.
On the other hand, if the attacker gets away with 99 times before being criminally prosecuted one time, they lose. So there's that.
I found that interesting because that has long been common in PHP-based malware, snippets that bad actors add to legitimate PHP pages. Many years ago I wrote software to scan a web server for malware and base64_decode was one thing it looked for.
A lot of servers we do security for have stuff at http://domain.com/employeeport... and http://domain.com/he/ or whatever, but nothing on the index page.
Another chunk are non-web servers. Domains aren't just for web sites, of course. Others are only accessible from certain networks and VPNs, something like DellTeamNet.com for Dell employees or whatever.
I wonder how many of the "empty", "error", "unused", and "no web server" are actually used - just not for a public web site with a normal index page.
If I had mod points, dear AC, I would have voted it up.
I see that now, those who had mod points did vote it up after I posted.
In case it's useful, here's basically the code my friend is proving today:
BeGreen:
output GREEN
wait
BeYellow
END
BeYellow:
output YELLOW
wait
BeRed
END
BeRed:
output RED
wait
BeGreen
END
You can of course see by inspection that it can never turn from green to red. Nor can it turn yellow if it's currently green. The only things that can happen when it's green are:
It's waiting, remaining green
It turns yellow.
You can also probably imagine how a compiler-like thing could convert that from code to a table, a data structure:
Transitions { // Current state: new states [, new state]
Green: Yellow,
Yellow: Red,
Red: Green
}
Based on that data, which *is* the program, you can imagine how a tool could then mathematically show that you can only get from green to red by going through yellow.
Having proved the code that operates a traffic light, it's then another round of the same thing to prove the code which operates an intersection.
Another round of similar steps proves the operation of coordinated lights on a road - with a simple state table you can prove that light A at intersection X is never red while light B at intersection Z is yellow.